Hi, I have a "philosophical" question on AuthenticationProcessingFilterEntryPoint. To send the client to the login page when trying to access a secure URTL the sendRedirect is used :
((HttpServletResponse) response).sendRedirect(((HttpServletResponse) response).encodeRedirectURL(redirectUrl)); When the tomcat team went from version 4 to version 5 they from sendRedirect to forward because when using a realm you can't directly access the login page and because of that a lot of people (including my clients) where addind config in apache server to redirect to a protected ressource when the client is trying to access the login page. In our project we don't have easy access to the apache config files (politics...) and by switching to acegi we have infinite loop because 1. client is accessing a protected ressource 2. acgi tells him to go to login page 3. apache tells him to go to protected ressource 4. go back to 2. We had to subclass the entry point to do a forward instead of a sendRedirect. Question is "Do you plan to provide a forward version ?" thanks Pascal Gehl ------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click _______________________________________________ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
